Adroit Knowledge Base

Agent Server
Custom Agent Designer
Drivers
General
HASP
Reporting
Security
Setup
User Interface
Wanlink
Licencing

Translate

Adroit Newsletter

Sign up now for the latest news and updates in Adroit

Security Print E-mail
1. If I use Auto-logon to log operators onto the computer, how do I logon as Administrator again?

Answer:
Hold down the shift key just after you log off, you will not auto-logon, and instead the normal logon dialog will appear, you can also do this at start-up. When finished, log off, and the system will auto logon as per the registry settings. (Please see separate KB item on how to do this by searching for keywords "auto logon")

2. What differences exist when using Adroit on Win2000 and not Windows NT?

Answer:
For Adroit to work properly you need to be logged on as a member of the Power Users group instead of just Users group as in NT. The reason being that security has been tightened up and certain things you could do as a simple User on NT you need to be a Power User on Win2000.

3. My Event viewer does not refresh, but if I scroll down and then up, it shows my new events. If I log on as an Administrator it all works fine, but not when I'm an operator. Do I have a security problem?

Answer:
It is possible to secure the Menu option for "Refresh"; when securing a menu option, any button or hotkey tied to the menu is also disabled, hence the "F5" key will have no effect. The auto-refresh feature ALSO stops the refresh because it was intentionally secured.

4. How can the Windows Task Manager be disabled?

Answer:
Using the registry editor, change the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr value to 1. The default value is 0 which enables the task manager. IMPORTANT: This is advanced information, if you use the Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system, use this Registry Editor at your own risk. Also do not implement this change unless you understand exactly how these will affect the operation of your Adroit installation, if you have any doubts, please contact the Adroit Support, before changing the registry.

5. Why does the Adroit security log on not work in WinNT or Win2000?

Answer:
1.) Ensure that accounts have been created for each Adroit user. For full details on creating user accounts refer to the Microsoft Windows NT User Guide, User Manager or the Windows 2000 Resource Kit. 2.) Ensure that the "Act as part of the operating system" user right is added to all of these accounts, for full details on how this is accomplished look in the help for the following topics: To configure a security setup for Adroit in Windows NT. To configure a security setup for Adroit in Windows 2000. Note: In Windows 2000, ensure that all the users belong to the "Power User" security group instead of the default "User" group. Since the "Power User" group in Windows 2000 has the same access rights as the "User" group in Windows NT 4.

6. How do I configure the desktop to be replaced with the Adroit User Interface and user limitations to be are applied with respect to interaction with Windows, for a PC running Windows 2000 or Windows XP?

Answer:
This procedure explains how to set up a Windows 2000 or XP PC to run as an operator workstation where the desktop is replaced with the Adroit User Interface and one or more of the following user limitations can be applied with respect to interaction with Windows:
1.) The Task Manager can be disabled.
2.) Users can be prevented from locking the computer.
3.) Users can be prevented from changing their Windows password on demand.
4.) Users can be prevented from logging off. Note: Ensure that you are logged on to the PC as the local
Administrator i.e. NOT as the domain administrator Create the Local Computer Policy, so that the necessary configuration can be made to this computer's desktop environment.
1.) From the Start menu, select Run, type “mmc” and press OK.
2.) Select the Console menu (for Win2K) or the File menu for (WinXP) and click ‘Add/Remove Snap-in’.
3.) Click the Add… button.
4.) Select ‘Group Policy’ and click the Add button.
5.) Leave the Group Policy Object as ‘Local Computer’
6.) Click the Finish, Close, and OK buttons. Replace the Explorer shell with the Adroit User Interface

1.) On the left hand side of the Console window, expand the following path by double-clicking on the various components: Local Computer Policy\User Configuration\Administrative Templates\Start Menu & Taskbar 2.) On the right hand side of the Console window, select the policy ‘Disable and Remove the Shut down Command’ (for Win2K) or “Remove and prevent access to the Shut down command” (for WinXP).
3.) Right-click on this policy and select Properties
4.) In the Setting tab, click on the Enabled option and click OK Select the ‘System’ folder in the left hand window (for Win2K) or ‘System\Logon’ (for WinXP).
5.) On the right hand side select the policy ‘Custom User Interface’ (for Win2K) or “Run these programs at User Logon” (for WinXP)
6.) Change its Properties to ‘Enabled’, and enter the Adroit.EXE executable together with it’s full path (or command file) to start. To limit user rights do one or more of the following, as required: Select the ‘System\ Logon/Logoff’ folder in the left hand window (for Win2K) or ‘System\Ctl+Alt+Del options’ (for WinXP) Enable the following Policies, as required: ‘Disable Task Manager’ (Win2K) or ‘Remove Task Manager’ (WinXP) ‘Disable Lock Computer’ (Win2K) or ‘Remove Lock Computer’ (WinXP) ‘Disable Change Password’ (Win2K) or ‘Remove Change Password’ (WinXP) ‘Disable Logoff’ (Win2K) or ‘Remove Logoff (WinXP). Note that this will NOT disable the Start\Menu LogOff option, which is correct so as to allow an administrator to start Explorer via a mimic button and log off if required. Save this configuration of the Local Computer Policy: Open the File menu and click ‘Save’, then save this configuration as operator.mmc on the Desktop NB This WILL now affect ALL users including the current administrator user therefore we need to disable this policy for the Administrator as follows:
1.) From the Start menu, select Run, type “regedit” and press OK.
2.) Open the following key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
3.) Open the File menu, select Export… and export this key to the Desktop as administrator.reg.
4.) Edit the administrator.reg file in notepad or another text editor and change the following: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoClose"=dword:00000000 "NoLogoff"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 "DisableLockWorkstation"=dword:00000000 "DisableChangePassword"=dword:00000000 "Shell"="Explorer.exe"
5.) Save the changes.
6.) Double click on the saved administrator.reg file on the desktop to load the administrator registry settings and allow the Administrator to work on the machine as usual, without limitations. When the Adroit user interface is running in operator mode, you will need to allow an administrator to execute a Windows log off and or shutdown.
To enable this, do the following:
1.) Create a mimic with button with Execute Command behaviour and protected access for the Administrator to start the application explorer.exe. Do the same for other windows applications as required.
2.) This button will launch the desktop – if the desktop is already running, it will launch a standard Explorer window.
3.) You should now see the Logoff menu option in the Start menu. If not, right click on the task bar, select “Properties”, select the “Start Menu” tab, select “Classic Start Menu”, select “Customize”, select “Display Log Off”.
4.) You can now use the “Log Off” start menu item to log off.
5.) Once logged off, log in as Administrator, after which the PC can be shut down normally.

7. How can I disable the launching of the Adroit help file?

Answer:
If you need to disable the launching of the Adroit help file for security reasons, you cannot do this satisfactorily using menu security because operators can STILL access it from the Help button in the picture properties dialog. In this case, rename the Adroit.CHM file in c:\Adroit.

Note: Renaming it is a better option than deleting it, so that you still have access to the file through explorer, should the need arise.